Example 1 with ProtectionResource

Use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

From the class KeycloakAdapterPolicyEnforcer, method getPermissionTicket.

private String getPermissionTicket(PathConfig pathConfig, PolicyEnforcerConfig.MethodConfig methodConfig, AuthzClient authzClient, OIDCHttpFacade httpFacade) {
    if (getEnforcerConfig().getUserManagedAccess() != null) {
        ProtectionResource protection = authzClient.protection();
        PermissionResource permission = protection.permission();
        PermissionRequest permissionRequest = new PermissionRequest();
        permissionRequest.setResourceId(pathConfig.getId());
        permissionRequest.setScopes(new HashSet<>(methodConfig.getScopes()));
        Map<String, List<String>> claims = resolveClaims(pathConfig, httpFacade);
        if (!claims.isEmpty()) {
            permissionRequest.setClaims(claims);
        }
        return permission.create(permissionRequest).getTicket();
    }
    return null;
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) ArrayList(java.util.ArrayList) List(java.util.List) PermissionResource(org.keycloak.authorization.client.resource.PermissionResource)

Example 2 with ProtectionResource

Use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

From the class AuthzClientCredentialsTest, method testReusingAccessAndRefreshTokens.

private void testReusingAccessAndRefreshTokens(int expectedUserSessionsCount) throws Exception {
    ClientsResource clients = getAdminClient().realm("authz-test-session").clients();
    ClientRepresentation clientRepresentation = clients.findByClientId("resource-server-test").get(0);
    List<UserSessionRepresentation> userSessions = clients.get(clientRepresentation.getId()).getUserSessions(-1, -1);
    assertEquals(0, userSessions.size());
    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");
    ProtectionResource protection = authzClient.protection();
    protection.resource().findByName("Default Resource");
    userSessions = clients.get(clientRepresentation.getId()).getUserSessions(null, null);
    assertEquals(expectedUserSessionsCount, userSessions.size());
    Thread.sleep(2000);
    protection = authzClient.protection();
    protection.resource().findByName("Default Resource");
    userSessions = clients.get(clientRepresentation.getId()).getUserSessions(null, null);
    assertEquals(expectedUserSessionsCount, userSessions.size());
}
Also used : UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthzClient(org.keycloak.authorization.client.AuthzClient) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Example 3 with ProtectionResource

Use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

From the class AuthzClientCredentialsTest, method testFindByName.

@Test
public void testFindByName() {
    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");
    ProtectionResource protection = authzClient.protection();
    protection.resource().create(new ResourceRepresentation("Admin Resources"));
    protection.resource().create(new ResourceRepresentation("Resource"));
    ResourceRepresentation resource = authzClient.protection().resource().findByName("Resource");
    assertEquals("Resource", resource.getName());
    ResourceRepresentation adminResource = authzClient.protection().resource().findByName("Admin Resources");
    assertEquals("Admin Resources", adminResource.getName());
    assertNotEquals(resource.getId(), adminResource.getId());
}
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthzClient(org.keycloak.authorization.client.AuthzClient) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 4 with ProtectionResource

Use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

From the class UserManagedPermissionServiceTest, method testRemovePoliciesOnClientDelete.

@Test
public void testRemovePoliciesOnClientDelete() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);
    UmaPermissionRepresentation newPermission = new UmaPermissionRepresentation();
    newPermission.setName("Custom User-Managed Permission");
    newPermission.addClient("client-remove");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    protection.policy(resource.getId()).create(newPermission);
    getTestingClient().server().run((RunOnServer) UserManagedPermissionServiceTest::testRemovePoliciesOnClientDelete);
}
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) UmaPermissionRepresentation(org.keycloak.representations.idm.authorization.UmaPermissionRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 5 with ProtectionResource

Use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

From the class UserManagedPermissionServiceTest, method testOnlyResourceOwnerCanManagePolicies.

@Test
public void testOnlyResourceOwnerCanManagePolicies() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName(UUID.randomUUID().toString());
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    ProtectionResource protection = getAuthzClient().protection();
    resource = protection.resource().create(resource);
    try {
        getAuthzClient().protection("alice", "password").policy(resource.getId()).create(new UmaPermissionRepresentation());
        fail("Error expected");
    } catch (Exception e) {
        assertTrue(HttpResponseException.class.cast(e.getCause()).toString().contains("Only resource owner can access policies for resource"));
    }
}
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) UmaPermissionRepresentation(org.keycloak.representations.idm.authorization.UmaPermissionRepresentation) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) NotFoundException(javax.ws.rs.NotFoundException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Aggregations

ProtectionResource (org.keycloak.authorization.client.resource.ProtectionResource) 23
Test (org.junit.Test) 17
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation) 17
UmaPermissionRepresentation (org.keycloak.representations.idm.authorization.UmaPermissionRepresentation) 15
NotFoundException (javax.ws.rs.NotFoundException) 9
AuthorizationDeniedException (org.keycloak.authorization.client.AuthorizationDeniedException) 9
HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException) 9
AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest) 7
AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse) 7
AuthzClient (org.keycloak.authorization.client.AuthzClient) 4
AccessToken (org.keycloak.representations.AccessToken) 4
AuthorizationResource (org.keycloak.authorization.client.resource.AuthorizationResource) 3
Permission (org.keycloak.representations.idm.authorization.Permission) 3
PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest) 3
ArrayList (java.util.ArrayList) 2
ClientsResource (org.keycloak.admin.client.resource.ClientsResource) 2
PolicyResource (org.keycloak.authorization.client.resource.PolicyResource) 2
PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse) 2
List (java.util.List) 1
PermissionResource (org.keycloak.authorization.client.resource.PermissionResource) 1